Comments on: rm -blah http://involution.com/2006/04/21/rm-blah/ Tony Perrie's Weblog Sat, 17 Jul 2010 00:32:20 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Kost http://involution.com/2006/04/21/rm-blah/comment-page-1/#comment-105 Kost Mon, 24 Apr 2006 22:45:03 +0000 http://involution.com/2006/04/21/rm-blah/#comment-105 using rm ./-blah is bad practice (from security standpoint of view), rm -- "-blah" is better (also notice quotes around). Why? Imagine that you have root cron job on multiuser system doing some kind of rm through home dirs. some evil user could do "evil mkdir", like: mkdir -p "evil /etc/passwd" it will make argument to rm like (if not using quotes): rm "evil" "/etc/passwd". So, that will eventually delete /etc/passwd. Or even worse: mkdir -p "evil -r /etc" That will delete /etc/ (not using quotes and not using --). In short, beware what you are doing with rm/mv/cp in your (cron/whatever) scripts as root!! "--" and quotes("") are must!!! Also, if you don't like command line, you can use mc (midnight commander) for deleting such files. using rm ./-blah is bad practice (from security standpoint of view), rm — “-blah” is better (also notice quotes around).
Why? Imagine that you have root cron job on multiuser system doing some kind of rm through home dirs.
some evil user could do “evil mkdir”, like:
mkdir -p “evil /etc/passwd”
it will make argument to rm like (if not using quotes): rm “evil” “/etc/passwd”. So, that will eventually delete /etc/passwd. Or even worse:
mkdir -p “evil -r /etc”
That will delete /etc/ (not using quotes and not using –).
In short, beware what you are doing with rm/mv/cp in your (cron/whatever) scripts as root!! “–” and quotes(“”) are must!!!

Also, if you don’t like command line, you can use mc (midnight commander) for deleting such files.

]]> By: JTAxx http://involution.com/2006/04/21/rm-blah/comment-page-1/#comment-104 JTAxx Mon, 24 Apr 2006 15:42:58 +0000 http://involution.com/2006/04/21/rm-blah/#comment-104 Nope, i never got that problem before...how were they able to create such file other than a mv from blah to -blah is unlikely. I thought using double-quotes around the filename would work (it does for other strangely named files like #emacs_scratch_save#) It seems rm ./ and rm -- are the best solutions for this problem done by people paid more than us...well me at least. Nope, i never got that problem before…how were they able to create such file other than a mv from blah to -blah is unlikely.

I thought using double-quotes around the filename would work (it does for other strangely named files like #emacs_scratch_save#)

It seems rm ./ and rm — are the best solutions for this problem done by people paid more than us…well me at least.

]]>